How to Integrate Office 365 calendar with SSO in Zoom
In order to enable and authorize the calendar and contacts integration for all users, administrators can use the Single Sign-On (SSO) configuration to collect the access token for Outlook and use that to enable and authorize both functions for the users. When the end user authorizes this integration, Zoom will automatically populate their calendar and contact details in their Zoom desktop client after they authorize this integration. Zoom’s meeting list shows up in the Zoom contact directory, and the Zoom calendar events are shown in the Zoom meeting list as well.
It is necessary to implement Single Sign-On on the account as well as to federate the account’s identity provider with Azure Active Directory in order to configure this integration.
Note:
Find out more about how to integrate your calendar and contacts in the web portal by viewing the account-level settings.
Contents
Prerequisites for integrating Office 365 when signing in with SSO
- Permissions to own or administer an account
- Role as an administrator in Office 365
- An Office 365 environment that is either complete or hybrid
Note: It is not supported to implement a solution that is entirely on-premises. - Configuration of SSO with Zoom
- An integration between the IDP and Azure Active Directory through the use of federation
- Take a look at how Okta can help you with this.
- Take a look at how you can do this with Ping by clicking here
- In order to integrate with Office 365, contact and calendar integration needs to be configured
How to enable Ask users to integrate Office 365 with SSO credentials
Account
- You will need to sign in to the Zoom web portal.
- Click on Account Management in the navigation menu, and then click on Account Settings in the Account Management section.
- Click on the Meetings tab on the left hand side of the screen.
- When a user signs in for the first time with their SSO credentials, the Ask users to integrate their Office 365 calendar can be selected via the toggle switch under Calendar and Contacts.
- In order to make Zoom redirect your users to the Office 365 OAuth URL the first time they are logged in through SSO, you have to select Ask users to do so the first time they sign in. The users are only able to set up calendar and contact integration manually if they do not accept the OAuth request or if an error occurs.
- When you choose to redirect your users to the Office 365 OAuth URL every time they sign in using SSO, and the users do not have calendar and contact integration set up yet, Zoom will redirect them to the Office 365 OAuth URL every time they sign in using SSO.
- Click Enable or Disable if a verification dialog appears.
Note: The option must be changed at the account level if it is grayed out. The option must be changed at the account level if it has been locked. - Click on the lock icon , and then click Lock to confirm that the setting should be mandatory for all users in the group. If you wish to make this setting mandatory for all users in the group, click the lock icon.
How to grant permission to use the Zoom app in Microsoft Azure
In order for the Zoom app to integrate users’ calendars and contacts from Azure, the Office 365 admin needs to grant Zoom permission to do so. There is the option to either grant permissions to all applications if you want to allow the integration, or only to Zoom if you want to allow integration.
How Office 365 admin grant permission to all apps
- Make sure that you are logged in with an Azure account that has the permission to grant admin consents.
- You will then be able to see a list of Enterprise applications under Azure Active Directory.
- You will need to select Allow user consent for apps under the User consent for applications section of the page.
Note:ย The propagation of this change will take about 30 minutes to complete.
How Office 365 admin grant permission to the Zoom apps only
- If you have been granted an admin role on the Azure portal, then simply sign in using that role.
- In the Azure Active Directory, select Enterprise applications and then select Azure Active Directory.
- You will need to select Zoom from the app list.
- Choose Permission from the Security section, then click Grant admin consent under the Permission section.
What to do if Office 365 admin did not grant permissions to use the Zoom app in Azure
Users are receiving an error at the time of sign-in when trying to integrate their calendar and contacts, stating that they require admin approval to do so. A user may find this is occurring as a result of their Office 365 admin account being configured to disable the option that allows apps to access company data in Azure on their behalf.
Office 365 admin to add the calendar service to Zoom
To correct the issue that causes you to receive the Need admin approval notice during the sign-in process, please follow these steps:
- Using the Zoom web portal, sign in to your account.
- Click on the Room Management link in the navigation menu, then click on the Calendar Integration link.
- Click on the Add a Calendar Service link under the Calendar Integration section.
- Choose Office 365 from the list of calendar services in the Select a Calendar Service window.
- Depending on your needs, you may choose to authorise with EWS or OAuth 2.0.
- Please visit this Microsoft documentation for more information about these options if you would like to learn more about them.
- Check out Setting Up Zoom Rooms with Office 365 for more information about the Account Permission Type.
- Select the checkbox next to Admin Authorization that says I am an Office 365 administrator and consenting on behalf of the company under I am an Office 365 administrator.
- Please click the Authorize button to begin the process.
To sign into your account, you will be redirected to Microsoft’s sign in page, where you can enter your password.
Note: The calendar integration process must be completed before going into the profile and setting up the integration of the calendar.
Office 365 admin to grant permission in Microsoft Azure
The Office365 administrator can grant permissions to use the Zoom app in Azure according to the instructions in the article How to grant permissions to use the Zoom app in Azure.
Office 365 admin to approve the calendar integration for the user
Account admins can require their users to provide admin consent before allowing them to integrate their calendars with their accounts. The following permission needs to be provided by an admin when authorizing a change to an entire account:
- To access the Zoom web portal, you will need to sign in.
- Click Account Management in the navigation panel, then click Account Settings in the Account Management section.
- Click on the Meeting tab at the top of the page.
- It is necessary to enable the Consent to Office 365 calendar integration permissions on behalf of the entire account toggle under Calendar and Contacts in order to use the integration.
In this case, you will have the option during the admin authorization process below to indicate that you are the Office 365 administrator and you are consenting on behalf of the company.
During the authorization process, users will need to be able to consent to the Calendar and Contact Integration on their behalf via an Office365 admin. Once they have enabled the integration, they will need to wait for the admin to consent to it:
- Sign in to the Zoom web portal by entering your email address and password.
- Click Profile from the navigation menu at the top of the page.
- Click on Configure Calendar and Contacts Service under the Other section of the Calendar and Contacts Integration section of the page.
- You will be able to select Office 365 by clicking the Next button.
- You will then be able to click on Authorize because you will have the option I’m the Office 365 admin and I’m consenting on behalf of the company at the bottom of the page.
- In order to grant the user permission, you will need to enter the Office 365 admin credentials.
Use an Office 365 hybrid environment
There are some circumstances in which an Office 365 hybrid environment should use the EWS URL to authorize OAuth because Microsoft Graph is necessary for an Office 365 hybrid server that is older than Exchange 2016 Cumulative Update 3 (CU3), released in September 2016, because you have an Exchange 2016 on-prem server that is earlier than CU3 (released in September 2016). You can find more information on the Microsoft support website.
- In order to integrate Office 365 calendars and contacts, you will need to set up the following:
- Make sure that the Authorize with EWS URL option is selected.
- Click on the Save button once you have entered your EWS URL.
Permission control
If an administrator tries to configure the calendar and contacts integration for Office 365, he or she cannot change permissions.
- In order to integrate your calendar and contacts with Office 365, you need to:
- Make sure you do not select Authorize with EWS URL in the Authorize with EWS URL field.
- After changing the permissions, click on the Save button to save the changes.